I've been playing around with a polarssl-enabled build of libcurl and the "ca-certificates.crt" generated by "mk-ca-bundle.pl" is failing with error -0x01A0. The polarssl sources define that error code as: POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG

After some trial and error, I found that currently the only culprit is the cert from "COMODO ECC Certification Authority", which has a signature algorithm of "ecdsa-with-SHA384". The quick fix is to manually remove the offending cert from the bundle; after that, polarssl can handle all the other certs just fine.

The attached "mk-ca-bundle.lua" script contains a workaround that will (hopefully) exclude any certs with signature algorithms that polarssl doesn't understand. The workaround is turned off by default; you can enable it with the -p option.

As a side note, while browsing the libcurl mailing list archives I came across this thread: http://curl.haxx.se/mail/archive-2010-07/0029.html which implies that libcurl+polarssl will not work with self-signed certificates. I can say that at least for me, self-signed certs are working just fine. (Provided of course that they are in a format that polarssl understands.)

- Jeff
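The filtering idea described in the message above, sketched as an added example (this is not Jeff's attached mk-ca-bundle.lua, which is not shown here): read each certificate's outer signatureAlgorithm OID from a PEM bundle and drop the ones the TLS library cannot verify. The SUPPORTED set, the function names and the certificate-shaped sample inputs are assumptions made for illustration.

```python
import base64, re

# Assumption: OIDs the TLS build can verify (md5/sha1/sha256/sha384/sha512 WithRSA).
# The post names only ecdsa-with-SHA384 as rejected; adjust the set for your build.
SUPPORTED = {"1.2.840.113549.1.1." + n for n in ("4", "5", "11", "12", "13")}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def sig_alg_oid(der):
    """Dotted OID of the outer Certificate.signatureAlgorithm field."""
    _, cert_start, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, cert_start)  # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)   # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    arcs, v = [], 0
    for b in der[start:end]:                   # base-128 sub-identifiers
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, v = arcs + [v], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def filter_bundle(pem_text, supported=SUPPORTED):
    """Return (kept, dropped), each a list of (index, oid, pem_block)."""
    kept, dropped = [], []
    for i, m in enumerate(PEM_RE.finditer(pem_text)):
        oid = sig_alg_oid(base64.b64decode(m.group(1)))
        (kept if oid in supported else dropped).append((i, oid, m.group(0)))
    return kept, dropped

def skeleton(oid):
    """Constructed input: certificate-shaped DER skeleton (not a real cert) as PEM."""
    body = b"\x30\x00\x30" + bytes([len(oid) + 2, 6, len(oid)]) + oid + b"\x03\x01\x00"
    b64 = base64.b64encode(b"\x30" + bytes([len(body)]) + body).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
RSA_SHA256 = bytes.fromhex("2a864886f70d01010b")   # sha256WithRSAEncryption
ECDSA_SHA384 = bytes.fromhex("2a8648ce3d040303")   # ecdsa-with-SHA384
SAMPLE = skeleton(RSA_SHA256) + skeleton(ECDSA_SHA384) + skeleton(RSA_SHA256)
```

Joining the kept PEM blocks gives the reduced bundle, and the dropped list records which trust anchors were removed so the loss of coverage can be reviewed.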
